psacct

Audit trail via Process Accounting

(via www.cyberciti.biz)

Intrusions can take place from both authorized (insiders) and unauthorized (outsiders) users. My personal experience shows that unhappy user can damage the system, especially when they have a shell access. Some users are little smart and removes history file (such as ~/.bash_history) but you can monitor all user executed commands...

Syndicate content
Comment